Welcome to ISAserver.org


AD over NAT fails.

AD over NAT fails. - 31.Aug.2010 12:22:29 PM   
tiderfish

 

Posts: 2
Joined: 31.Aug.2010
Status: offline
I have been having a bear of a time getting Active Directory working with our ISA2004 Server. I have gotten this to work on the regular network, that is, when the ISA and the PDC are on the same network. However, we are in the process of moving to a new network that represents both a physically different network and a different IP space. I will try to explain the problems.

Bottom line is this: when the firewall service in ISA2004 is started, Active Directory does not work.
Network A is the old network, that contains the AD servers.
Network B is the new network that contains the ISA2004 server.

The two networks are joined by a router. In this router it has NAT rules that allow all connections back to the old network. The old network is allowed full access to the new network.

For whatever reason, the only way I can get ISA to work is by stopping the firewall service. Obviously this is not the best solution. When I try to remote desktop to the ISA server, I get the error that the domain does not exist or could not be contacted.

I have the ISA only plugged into 1 NIC and it has a static IP address on the new network. I have all the add-ons disabled. Please help!

Matt|ttaM


Post #: 1
RE: AD over NAT fails. - 3.Sep.2010 10:42:17 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

When ISA is deployed using single-NIC, it doesn't act as a network firewall (it only serves to firewall itself). For ISA to work as a network firewall you MUST install two or more NICs.

Also, AD doesn't support NAT. You must route connections.

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to tiderfish)
Post #: 2
RE: AD over NAT fails. - 3.Sep.2010 11:18:39 AM   
tiderfish

 

Posts: 2
Joined: 31.Aug.2010
Status: offline
Thanks for the reply. Please elaborate your answers though.

If I must keep the server in single NIC mode, then can I just disable the firewall service and leave it off? It seems that once that service is down it will kill all the firewall rules, does anything else need those rules?

Also, for the NAT problem: it seems like NAT is working. However, it's only failing when the firewall is not working. To be clear, I am not NATing on the ISA server; the NAT is transparent on the router. If I need to add routes, how do I go about doing that?

Matt|ttaM

(in reply to paulo.oliveira)
Post #: 3
RE: AD over NAT fails. - 3.Sep.2010 11:47:26 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,
quote:

If I must keep the server in single NIC mode, then can I just disable the firewall service and leave it off? It seems that once that service is down it will kill all the firewall rules, does anything else need those rules?

If you disable the Microsoft Firewall service, you put ISA in Lockdown mode. For more info about ISA single-NIC: http://technet.microsoft.com/pt-br/library/cc302586(en-us).aspx

quote:

Also, for the NAT problem: it seems like NAT is working. However, it's only failing when the firewall is not working. To be clear, I am not NATing on the ISA server; the NAT is transparent on the router. If I need to add routes, how do I go about doing that?

About NAT support: http://support.microsoft.com/kb/978772

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to tiderfish)
Post #: 4
RE: AD over NAT fails. - 19.Jul.2012 10:48:39 AM   
01blackerado

 

Posts: 14
Joined: 8.Nov.2011
Status: offline
What are you trying to do? I don't fully understand this, but I'll try to give the best solution to what I interpret as your problem.

OK, what I gather is two networks.

Old Network 192.168.x.x

New Network 10.10.x.x

You want the NEW network to be able to communicate with the old network, right!? Then just put a router in between the two networks! I'm not even sure where ISA comes into play here because it's not a needed component to do what you're trying to do. ESPECIALLY since the ISA server has only 1 NIC card.

If you want to use ISA to join the 2 networks, then ISA needs at LEAST 2 NICs (one connected to the old network and one connected to the new network).

(in reply to paulo.oliveira)
Post #: 5
